成长值: 64615
|
题目不是很完整,答案仅供参考
1 {# q/ Y: T- a- H
, B* w7 m8 F5 J* V1 TQuestion 01:$ }+ _) r4 R- }, y6 G7 N7 s
Witch access list entry checks for an ACK within a packet header?
' J5 { D6 b- }, Z$ HA access-list 49 permit ip any any eq 21 tcp-ack; `" N/ x. n- ]) r3 e+ e
B access-list 49 permit tcp any any eq 21 tcp-ack
# w. A8 |5 ^5 \# l3 L% mC access-list 149 permit tcp any any eq 21 established
# L! e0 n6 b* V2 FD access-list 49 permit tcp any any eq 21 established
& P; [; Z) {2 X! }( GAns: C
l+ ^; J6 G& O4 q/ x———————————————————————————- Z0 E* @8 w; U @0 D n. e
Question 02:
9 L {, E" P) n D* ] dWhich option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?$ v8 |, X+ s0 ?+ H
A performing packet captures* x6 h( V R0 n4 |! C `4 k1 b) v
B disabling asr-group commands on interfaces that are likely to receive asymetric traffic, {7 y; ~; J1 r2 ^% X! W0 I
C replacing them with redundant routers and allowing load balancing
; V+ }2 y: z0 g, iD disabling stateful TCP checks
, N4 S% O% a+ }3 P! }/ }8 ZAns: D
# e& m1 O% r1 n" i0 x3 r" r, z9 R% w: H" n. {' ^
3 U, b7 [* M! d7 u
|
|